Security Policy Reporting a Vulnerability We are currently using dependabot to automatically open pull requests to fix vulnerbilities.